kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Canton <davijcan...@gmail.com>
Subject Re: Retrieve Kafka Principal from Client
Date Mon, 20 Apr 2020 21:55:42 GMT
Hi Brandt,

The username is used as the principal for SALS/PLAIN. Check
*sals.jaas.config* value at the client's configuration file.

Let me know if I haven't understood you correctly.

Best regards
Dave
Newton, Brandt (CAI - Burlington) <Brandt.Newton@coxautoinc.com> schrieb am
Mo., 20. Apr. 2020, 21:30:

> Hi All,
>
> I’d like to determine the principal of the credentials that were used to
> authenticate so I can check that the principal’s ACLs.
>
> I’m using the Kafka client libraries (NetworkClient specifically but
> that’s not a requirement) to connect to a Kafka cluster using the SASL_SSL
> security protocol and PLAIN mechanism. I only provide the password in
> sasl.jaas.config and I’m able to successfully authenticate with Kafka and
> make requests.
>
> Is there a way to get the principal? I can see the principal if I perform
> an unauthorized action*, but I believe this comes from the server.
>
> Thanks,
> Brandt
>
>
> *Principal is visible in TentantMetaData user=principal of the not
> authorized message:
>
>  Request Request(processor=8, connectionId=XXXX,
> session=Session(MultiTenantPrincipal(tenantMetadata=TenantMetadata(tenantName='XXXX',
> clusterId='XXX', allowDescribeBrokerConfigs=false, isSuperUser=false),
> user=12345),ip-XXXX), listenerName=ListenerName(EXTERNAL),
> securityProtocol=SASL_SSL, buffer=null) is not authorized.
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message